Filtered by vendor Checkpoint
Subscriptions
Total
143 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2008-1397 | 1 Checkpoint | 5 Check Point Vpn-1 Pro, Vpn-1, Vpn-1 Firewall-1 and 2 more | 2026-04-23 | N/A |
| Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 software, allows remote authenticated users to cause a denial of service (site-to-site VPN tunnel outage), and possibly intercept network traffic, by configuring the local RFC1918 IP address to be the same as one of this tunnel's endpoint RFC1918 IP addresses, and then using SecuRemote to connect to a network interface at the other endpoint. | ||||
| CVE-2008-0662 | 1 Checkpoint | 1 Vpn-1 Secureclient | 2026-04-23 | 7.8 High |
| The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing the credentials. | ||||
| CVE-2008-7025 | 1 Checkpoint | 1 Zonealarm | 2026-04-23 | N/A |
| TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe running, allows remote HTTP proxies to cause a denial of service (crash) and disable the HIDS module via a crafted response. | ||||
| CVE-2007-4216 | 1 Checkpoint | 1 Zonealarm | 2026-04-23 | N/A |
| vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before 7.0.362 allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in a METHOD_NEITHER (1) IOCTL 0x8400000F or (2) IOCTL 0x84000013 request, which can be used to overwrite arbitrary memory locations. | ||||
| CVE-2014-6271 | 17 Apple, Arista, Canonical and 14 more | 90 Mac Os X, Eos, Ubuntu Linux and 87 more | 2026-04-22 | 9.8 Critical |
| GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix. | ||||
| CVE-2014-7169 | 17 Apple, Arista, Canonical and 14 more | 90 Mac Os X, Eos, Ubuntu Linux and 87 more | 2026-04-22 | 9.8 Critical |
| GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271. | ||||
| CVE-2004-0081 | 23 4d, Apple, Avaya and 20 more | 67 Webstar, Mac Os X, Mac Os X Server and 64 more | 2026-04-16 | N/A |
| OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. | ||||
| CVE-2004-0112 | 24 4d, Apple, Avaya and 21 more | 65 Webstar, Mac Os X, Mac Os X Server and 62 more | 2026-04-16 | N/A |
| The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. | ||||
| CVE-2002-1623 | 1 Checkpoint | 1 Vpn-1 Firewall-1 | 2026-04-16 | N/A |
| The design of the Internet Key Exchange (IKE) protocol, when using Aggressive Mode for shared secret authentication, does not encrypt initiator or responder identities during negotiation, which may allow remote attackers to determine valid usernames by (1) monitoring responses before the password is supplied or (2) sniffing, as originally reported for FireWall-1 SecuRemote. | ||||
| CVE-2004-0469 | 1 Checkpoint | 4 Firewall-1, Next Generation, Ng-ai and 1 more | 2026-04-16 | N/A |
| Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and FireWall-1 NG products, before VPN-1/FireWall-1 R55 HFA-03, R54 HFA-410 and NG FP3 HFA-325, or VPN-1 SecuRemote/SecureClient R56, may allow remote attackers to execute arbitrary code during VPN tunnel negotiation. | ||||
| CVE-2002-0428 | 1 Checkpoint | 3 Check Point Vpn, Firewall-1, Next Generation | 2026-04-16 | N/A |
| Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire or expire values in the client's users.C configuration file. | ||||
| CVE-2004-0039 | 1 Checkpoint | 1 Firewall-1 | 2026-04-16 | N/A |
| Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI. | ||||
| CVE-2005-2313 | 1 Checkpoint | 1 Secureclient Ng | 2026-04-16 | N/A |
| Check Point SecuRemote NG with Application Intelligence R54 allows attackers to obtain credentials and gain privileges via unknown attack vectors. | ||||
| CVE-2000-1032 | 1 Checkpoint | 1 Firewall-1 | 2026-04-16 | N/A |
| The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to identify valid usernames on the firewall. | ||||
| CVE-1999-0770 | 1 Checkpoint | 1 Firewall-1 | 2026-04-16 | N/A |
| Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems. | ||||
| CVE-2000-0181 | 1 Checkpoint | 1 Firewall-1 | 2026-04-16 | N/A |
| Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection. | ||||
| CVE-2004-0079 | 23 4d, Apple, Avaya and 20 more | 67 Webstar, Mac Os X, Mac Os X Server and 64 more | 2026-04-16 | 7.5 High |
| The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | ||||
| CVE-1999-0895 | 1 Checkpoint | 1 Firewall-1 | 2026-04-16 | N/A |
| Firewall-1 does not properly restrict access to LDAP attributes. | ||||
| CVE-2000-0805 | 1 Checkpoint | 1 Firewall-1 | 2026-04-16 | N/A |
| Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a valid FWZ client, aka "Retransmission of Encapsulated Packets." | ||||
| CVE-2000-0807 | 1 Checkpoint | 1 Firewall-1 | 2026-04-16 | N/A |
| The OPSEC communications authentication mechanism (fwn1) in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to spoof connections, aka the "OPSEC Authentication Vulnerability." | ||||